On the client side, I'm not sure what the risk is to say a SIP phone that has 5060 and some rtp ports forwarded to it. Maybe someone can come in and list the threats to both ends of a double NAT setup? I'm sure hundreds of us would be very interested in this!
Here is a simple example. A user with a home office has a Cisco ATA-186 for SIP communication with his company's * PBX.
1. He puts the ATA in the DMZ, because he isn't sure what he has to forward, or he intentionally forwards port 80, so the office staff can administer the box. It has a strong password, so he doesn't worry.
2. His firmware has the Password Disclosure Vulnerability, see http://www.cisco.com/warp/public/707/ata186-password-disclosure.shtml
3. Attacker accesses configuration web page on device.
4A. Attacker modifies configuration to send calls through his proxy, listens in on calls. Or,
4B. Attacker downloads new firmware into ATA from his site, installing LAN packet sniffer.
In another case, a user has a SIP phone that polls a server for configuration updates via TFTP, but lacks strong encryption. Attacker sends forged UDP packets in response to (assumed) TFTP request, downloads malicious config.
There are lots more.
--Stewart
_______________________________________________ Asterisk-Users mailing list [EMAIL PROTECTED] http://lists.digium.com/mailman/listinfo/asterisk-users To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users